On Thu, 2020-07-23 at 15:32 +0800, xiubli@xxxxxxxxxx wrote: > From: Xiubo Li <xiubli@xxxxxxxxxx> > > If the ceph_mdsc_init() fails, it will free the mdsc already. > > Reported-by: syzbot+b57f46d8d6ea51960b8c@xxxxxxxxxxxxxxxxxxxxxxxxx > URL: https://tracker.ceph.com/issues/46684 > Signed-off-by: Xiubo Li <xiubli@xxxxxxxxxx> > --- > fs/ceph/mds_client.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c > index af7221d1c610..590822fab767 100644 > --- a/fs/ceph/mds_client.c > +++ b/fs/ceph/mds_client.c > @@ -4453,7 +4453,6 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc) > goto err_mdsc; > } > > - fsc->mdsc = mdsc; > init_completion(&mdsc->safe_umount_waiters); > init_waitqueue_head(&mdsc->session_close_wq); > INIT_LIST_HEAD(&mdsc->waiting_for_map); > @@ -4508,6 +4507,8 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc) > > strscpy(mdsc->nodename, utsname()->nodename, > sizeof(mdsc->nodename)); > + > + fsc->mdsc = mdsc; > return 0; > > err_mdsmap: Looks good, merged into testing. Thanks! -- Jeff Layton <jlayton@xxxxxxxxxx>
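Review bot: in the first hunk (@@ -4453), dropping `fsc->mdsc = mdsc;` means every initialisation step between that point and the new assignment just before `return 0` (second hunk, @@ -4508) now runs with fsc->mdsc not yet set by this function. The lines between the two hunks are not shown, so it is worth confirming that nothing called in that span reaches the client through fsc->mdsc instead of the local `mdsc`. The commit message would also be clearer if it stated the consequence being fixed: with the old ordering, a failure that jumps to err_mdsmap frees mdsc while fsc->mdsc still points at it. A Fixes: tag naming the commit that introduced the early assignment would help backporting.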